We will see how to integrate this third-party library with a .NET Core website to authenticate users with the cookie middleware and make the website accessible only to authenticated users who are members of the “Admins” group.

We are going to first create a very simple user class and an interface for the authentication service:

The goal is to be able to use the IAuthenticationService later in our DI container and inject our LDAP implementation.
We will also assume that you have a configuration object defined as follows (an example of the corresponding JSON format is at the end):

The controller handling user authentication contains 2 routes: one for login and one for logout. The view model used in this example should contain 2 fields: Username and Password.
(Make sure to include the AllowAnonymous attribute, because later we will apply a default filter that requires authentication on all requests.)

To set up cookie authentication, we call the UseCookieAuthentication method on the IApplicationBuilder object. We have to define our /login and /logout routes as well:

public class Startup
{
    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            Events = new CookieAuthenticationEvents
            {
                // You will need this only if you use Ajax calls with a library not compatible with IsAjaxRequest
                // More info here: https://github.com/aspnet/Security/issues/1056
                OnRedirectToAccessDenied = context =>
                {
                    context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
                    return TaskCache.CompletedTask;
                }
            },
            AuthenticationScheme = "app",
            LoginPath = new PathString("/login"),
            AutomaticAuthenticate = true,
            AutomaticChallenge = true
        });

        app.UseMvc(routes =>
        {
            routes.MapRoute(
                name: "login",
                template: "login",
                defaults: new { controller = "Account", action = "Login" });
            routes.MapRoute(
                name: "logout",
                template: "logout",
                defaults: new { controller = "Account", action = "Logout" });
        });
    }
}

And finally we can use a default filter applied to all routes that will require the users to be authenticated and in the “Admins” group (unless we specify the AllowAnonymous attribute on the controller/action):

public class ApplyPolicyOrAuthorizeFilter : AuthorizeFilter
{
    public ApplyPolicyOrAuthorizeFilter(AuthorizationPolicy policy) : base(policy) { }

    public ApplyPolicyOrAuthorizeFilter(IAuthorizationPolicyProvider policyProvider, IEnumerable<IAuthorizeData> authorizeData)
        : base(policyProvider, authorizeData) { }

    public override Task OnAuthorizationAsync(AuthorizationFilterContext context)
    {
        if (context.Filters.Any(f =>
        {
            var filter = f as AuthorizeFilter;
            // There's 2 default Authorize filter in the context for some reason...so we need to filter out the empty ones
            return filter?.AuthorizeData != null && filter.AuthorizeData.Any() && f != this;
        }))
        {
            return TaskCache.CompletedTask;
        }

        return base.OnAuthorizationAsync(context);
    }
}

// and in the Startup.cs:
public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // default access requires admin access
        var isAdminUserPolicy = new AuthorizationPolicyBuilder().RequireRole("Admin").Build();

        services.AddMvc(options =>
        {
            options.Filters.Add(new ApplyPolicyOrAuthorizeFilter(isAdminUserPolicy));
        });
    }
}
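The following is an added example, not the original post's code: one way the Account controller could tie the pieces above together on the ASP.NET Core 1.x API, signing in under the "app" scheme and issuing the "Admin" role claim that the default policy checks. The `AppUser` class, the `IAuthenticationService.Login` signature, the `IsAdmin` flag and `LoginViewModel` are assumptions, since the page does not show its own definitions.

```csharp
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// Assumed shapes: the page's own user class, interface and view model are not shown.
public class AppUser { public string Username { get; set; } public bool IsAdmin { get; set; } }
public interface IAuthenticationService { AppUser Login(string username, string password); }
public class LoginViewModel { public string Username { get; set; } public string Password { get; set; } }

[AllowAnonymous] // exempt from the global admin-only filter, otherwise /login is unreachable
public class AccountController : Controller
{
    private readonly IAuthenticationService _auth;
    public AccountController(IAuthenticationService auth) { _auth = auth; }

    [HttpGet]
    public IActionResult Login() => View(new LoginViewModel());

    [HttpPost, ValidateAntiForgeryToken]
    public async Task<IActionResult> Login(LoginViewModel model, string returnUrl = null)
    {
        // Assumption: Login returns null for an unknown user and for a wrong password alike.
        var user = ModelState.IsValid ? _auth.Login(model.Username, model.Password) : null;
        if (user == null)
        {
            ModelState.AddModelError("", "Invalid username or password.");
            return View(model);
        }
        var claims = new List<Claim> { new Claim(ClaimTypes.Name, user.Username) };
        // The role value must equal the string passed to RequireRole("Admin").
        if (user.IsAdmin) claims.Add(new Claim(ClaimTypes.Role, "Admin"));

        // A non-empty authentication type is required, or IsAuthenticated stays false.
        var principal = new ClaimsPrincipal(new ClaimsIdentity(claims, "app"));
        await HttpContext.Authentication.SignInAsync("app", principal); // scheme from Startup

        // Follow only local return URLs so the login page cannot be used as an open redirect.
        return Url.IsLocalUrl(returnUrl) ? (IActionResult)Redirect(returnUrl) : Redirect("/");
    }

    public async Task<IActionResult> Logout()
    {
        await HttpContext.Authentication.SignOutAsync("app");
        return Redirect("/login");
    }
}
```

A user who authenticates against LDAP but is not an admin still receives a cookie here; the default filter then rejects their requests, which is the case the `OnRedirectToAccessDenied` handler above turns into a 403.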

Lastly, here’s a sample of what the LDAP section of your config file could look like: